ssl
Summary
Example object
{
  "cipher_filter": "",
  "protocols": [
    "TLSv1_0",
    "TLSv1_1",
    "TLSv1_2",
    "TLSv1_3"
  ],
  "cert_key_pairs": [
    {
      "certificate_path": "/etc/proxy/tls/sidecar/server.crt",
      "key_path": "/etc/proxy/tls/sidecar/server.key"
    }
  ],
  "trust_file": "/etc/proxy/tls/sidecar/ca.crt",
  "sni": null
}
Fields
cipher_filter
Envoy cipher suite. If specified, only the listed ciphers will be accepted. Only valid with TLSv1-TLSv1.2; it has no effect with TLSv1.3.
Examples include the values below; the full list of options is in the Envoy cipher suite documentation.
[ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]
[ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]
ECDHE-ECDSA-AES128-SHA
ECDHE-RSA-AES128-SHA
AES128-GCM-SHA256
AES128-SHA
ECDHE-ECDSA-AES256-GCM-SHA384
ECDHE-RSA-AES256-GCM-SHA384
ECDHE-ECDSA-AES256-SHA
ECDHE-RSA-AES256-SHA
AES256-GCM-SHA384
AES256-SHA
protocols
Array of SSL protocols to accept: "TLSv1_0", "TLSv1_1", "TLSv1_2", "TLSv1_3"
cert_key_pairs
Array of (cert, key) pairs to use when sending requests to the instances of the cluster. Each cert and key must point to a file on disk.
trust_file
String representing the path on disk to the SSL trust file to use when sending requests to the instances of the cluster. If omitted, then no trust verification will be performed.
sni
String representing the intended target of the request. Used when the server is behind a load balancer that identifies hosts through SNI.
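The following is an added example, not part of this product's documentation or code: a Python check that reads one ssl object and reports the settings described above that weaken the connection (TLSv1_0 or TLSv1_1 enabled, trust_file omitted, a cipher_filter that is ignored or that admits non-ECDHE or CBC-SHA ciphers). The sample object is constructed, the ':' or ',' separator inside cipher_filter is an assumption, and audit_ssl and split_ciphers are hypothetical names.

```python
import json
import re

# Constructed sample: the page's example object with weak settings filled in.
# Assumption: cipher_filter is one string of names separated by ':' or ','.
SAMPLE = json.loads("""
{
  "cipher_filter": "ECDHE-RSA-AES128-GCM-SHA256:AES128-SHA",
  "protocols": ["TLSv1_0", "TLSv1_1", "TLSv1_2", "TLSv1_3"],
  "cert_key_pairs": [{"certificate_path": "/etc/proxy/tls/sidecar/server.crt",
                      "key_path": "/etc/proxy/tls/sidecar/server.key"}],
  "trust_file": "",
  "sni": null
}
""")

LEGACY = {"TLSv1_0", "TLSv1_1"}  # TLS 1.0 and 1.1, deprecated by RFC 8996


def split_ciphers(cipher_filter):
    """Split a filter string into names, flattening [A|B] preference groups."""
    return [c for c in re.split(r"[\s:,|\[\]]+", cipher_filter or "") if c]


def audit_ssl(obj):
    """Return a list of (field, message) findings for one ssl object."""
    findings = []
    protocols = set(obj.get("protocols") or [])
    for p in sorted(protocols & LEGACY):
        findings.append(("protocols", f"{p} is enabled (deprecated protocol)"))
    if not obj.get("trust_file"):
        findings.append(("trust_file", "omitted: no trust verification is performed"))
    ciphers = split_ciphers(obj.get("cipher_filter"))
    if ciphers and protocols == {"TLSv1_3"}:
        findings.append(("cipher_filter", "has no effect: only TLSv1_3 is enabled"))
    for c in ciphers:
        if not c.startswith("ECDHE-"):  # e.g. AES128-SHA uses RSA key exchange
            findings.append(("cipher_filter", f"{c}: no ECDHE key exchange"))
        if c.endswith("-SHA"):  # OpenSSL-style names ending in -SHA are CBC suites
            findings.append(("cipher_filter", f"{c}: CBC mode with HMAC-SHA1"))
    return findings


if __name__ == "__main__":
    for field, message in audit_ssl(SAMPLE):
        print(f"{field}: {message}")
```

Run against the example object at the top of this page, the check reports only the two legacy protocol versions, since trust_file is set and cipher_filter is empty.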